What Are You Looking For?

Popular Tags

Sign Up
Oracle Linux Security Advisory ELSA-2023-4177

https://linux.oracle.com/errata/ELSA-2023-4177.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-17-openjdk-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-demo-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-devel-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-headless-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-src-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm

aarch64:
java-17-openjdk-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-demo-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-devel-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-headless-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-src-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm


SRPMS:
https://oss.oracle.com/ol9/SRPMS-updates//java-17-openjdk-17.0.8.0.7-2.0.1.el9.src.rpm

Related CVEs:

CVE-2023-22006
CVE-2023-22036
CVE-2023-22041
CVE-2023-22044
CVE-2023-22045
CVE-2023-22049
CVE-2023-25193




Description of changes:

[1:17.0.8.0.7-2.0.1]
- OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036)
- OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041)
- OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049)
- harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193)
- OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006)
- OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044)
- OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045)
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.8.0.6-0.1.ea]
- Update to jdk-17.0.8+6 (EA)
- Sync the copy of the portable specfile with the latest update
- Resolves: rhbz#2217716

[1:17.0.8.0.1-0.1.ea]
- Update to jdk-17.0.8+1 (EA)
- Update release notes to 17.0.8+1
- Switch to EA mode
- Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1
- Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1.
- Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1
- Use tapsets from the misc tarball
- Introduce 'prelease' for the portable release versioning, to handle EA builds
- Make sure root installation directory is created first
- Use in-place substitution for all but the first of the tapset changes
- Related: rhbz#2217716

[1:17.0.7.0.7-4]
- Introduce vm_variant global for consistency with future JDK builds
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Exclude classes_nocoops.jsa on i686 and arm32
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
- Related: rhbz#2203412

[1:17.0.7.0.7-4]
- Fix packaging of CDS archives
- Resolves: rhbz#2203412


_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle9: ELSA-2023-4177: java-17-openjdk Moderate Security Update

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

[1:17.0.8.0.7-2.0.1] - OpenJDK: ZIP file parsing infinite loop (8302483) (CVE-2023-22036) - OpenJDK: weakness in AES implementation (8308682) (CVE-2023-22041) - OpenJDK: improper handling of slash characters in URI-to-path conversion (8305312) (CVE-2023-22049) - harfbuzz: OpenJDK: O(n^2) growth via consecutive marks (CVE-2023-25193) - OpenJDK: HTTP client insufficient file name validation (8302475) (CVE-2023-22006) - OpenJDK: modulo operator array indexing issue (8304460) (CVE-2023-22044) - OpenJDK: array indexing integer overflow issue (8304468) (CVE-2023-22045) - Add Oracle vendor bug URL [Orabug: 34340155] [1:17.0.8.0.6-0.1.ea] - Update to jdk-17.0.8+6 (EA) - Sync the copy of the portable specfile with the latest update - Resolves: rhbz#2217716 [1:17.0.8.0.1-0.1.ea] - Update to jdk-17.0.8+1 (EA) - Update release notes to 17.0.8+1 - Switch to EA mode - Drop local inclusion of JDK-8274864 & JDK-8305113 as they are included in 17.0.8+1 - Bump bundled LCMS version to 2.15 as in jdk-17.0.8+1. - Bump bundled HarfBuzz version to 7.0.1 as in jdk-17.0.8+1 - Use tapsets from the misc tarball - Introduce 'prelease' for the portable release versioning, to handle EA builds - Make sure root installation directory is created first - Use in-place substitution for all but the first of the tapset changes - Related: rhbz#2217716 [1:17.0.7.0.7-4] - Introduce vm_variant global for consistency with future JDK builds - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Exclude classes_nocoops.jsa on i686 and arm32 - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Following JDK-8005165, class data sharing can be enabled on all JIT architectures - Related: rhbz#2203412 [1:17.0.7.0.7-4] - Fix packaging of CDS archives - Resolves: rhbz#2203412

SRPMs

https://oss.oracle.com/ol9/SRPMS-updates//java-17-openjdk-17.0.8.0.7-2.0.1.el9.src.rpm

x86_64

java-17-openjdk-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-demo-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-devel-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-headless-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-src-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el9.x86_64.rpm

aarch64

java-17-openjdk-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-demo-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-devel-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-headless-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-javadoc-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-javadoc-zip-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-jmods-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-src-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-static-libs-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-demo-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-demo-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-devel-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-devel-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-headless-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-headless-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-jmods-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-jmods-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-src-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-src-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-static-libs-fastdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm java-17-openjdk-static-libs-slowdebug-17.0.8.0.7-2.0.1.el9.aarch64.rpm

i386

Severity
Related CVEs: CVE-2023-22006 CVE-2023-22036 CVE-2023-22041 CVE-2023-22044 CVE-2023-22045 CVE-2023-22049 CVE-2023-25193

Related News

Long-term Support for Linux Kernel to Be Cut as Maintenance Remains Under Strain

Sep 21, 2023

Akira Ransomware Mutates to Target Linux Systems, Adds TTPs

Sep 27, 2023

Pros And Cons Of Linux Programming

Oct 1, 2023

Chinese Hackers Have Unleashed a Never-Before-Seen Linux Backdoor

Sep 19, 2023

News

Advisories

HOWTOs

Features

Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy
Supercharging Linux: Tips & Tricks to Beat the Threat Landscape
LinuxSecurity.com Migrates to Joomla 4 and PHP 8: Our Experience & Key Takeaways

About Us

Powered By

Footer Logo

Feedback